NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0561:  Signature verification update

Publication Date
2021.01.15

Protection Profiles
PP_APP_v1.3

Other References
FPT_TUD_EXT.1.4, FPT_TUD_EXT.2

Issue Description

A conflict arises between FPT_TUD_EXT.1.4 and FPT_TUD_EXT.1.5 when “with the platform OS” is selected in FPT_TUD_EXT.1.5.

FPT_TUD_EXT.1.4 states “The application installation package and its updates shall be digitally signed such that its platform can cryptographically verify them prior to installation.
Application Note: The specifics of the verification of installation packages and updates involves requirements on the platform (and not the application), so these are not fully specified here.”

It is not clear how to satisfy this SFR when the installation package contains the TOE platform (the OS) within itself (i.e. when the TOE is distributed “with the platform OS”).

Resolution

FPT_TUD_EXT.1.4 is updated as follows, with strikethroughs denoting deletion and underlines denoting additions:

FPT_TUD_EXT.1.4 ~~The a~~_A_pplication ~~installation package and its~~ updates shall be digitally signed such that ~~its~~ _the application_ platform can cryptographically verify them prior to installation.

Application Note: The specifics of the verification of installation packages and updates involves requirements on the platform (and not the application), so these are not fully specified here.

Evaluation Activity

TSS

The evaluator shall verify that the TSS identifies how ~~the application installation package and~~ updates to ~~it~~ _the application_ are signed by an authorized source. The definition of an authorized source must be contained in the TSS. The evaluator shall also ensure that the TSS (or the operational guidance) describes how candidate updates are obtained.

Guidance

None.

Tests

None.

FPT_TUD_EXT.2.3 is added to FPT_TUD_EXT.2 in Appendix B:

FPT_TUD_EXT.2.3 The application installation package shall be digitally signed such that its platform can cryptographically verify them prior to installation.

Application Note: The specifics of the verification of installation packages involves requirements on the platform (and not the application), so these are not fully specified here.

Evaluation Activity

TSS

The evaluator shall verify that the TSS identifies how the application installation package is signed by an authorized source. The definition of an authorized source must be contained in the TSS. 

Guidance

None.

Tests

None.

 

 

Justification

FPT_TUD_EXT.1.4 should apply only to updates and FPT_TUD_EXT.2 should cover the digital signing of the installation package when "as an additional software package to the OS" is selected in FPT_TUD_EXT.1.5.

 
 